Alert GCSA-20105 - Apple Security Updates (APPLE-SA-2020-11-13)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
******************************************************************
Alert ID: GCSA-20105
Data: 16 Novembre 2020
Titolo: Apple Security Updates (APPLE-SA-2020-11-16)
******************************************************************
:: Descrizione
Apple ha rilasciato degli aggiornamenti di sicurezza che risolvono delle
vulnerabilita' presenti nei sistemi operativi e nelle applicazioni.
Alcune delle vulnerabilita' sono attualmente in corso di sfruttamento.
Questo bollettino comprende:
- - un aggiornamento del bollettino gia' emesso APPLE-SA-2020-09-16
per quanto riguarda tvOS, iPadOS, iOS
- - un aggiornamento del bollettino gia' emesso APPLE-SA-2020-11-05
per quanto riguarda macOS Big Sur
- - Un nuovo bollettino per quanto riguarda macOS High Sierra e Mojave
Per una descrizione degli aggiornamenti consultare le segnalazioni
ufficiali alla sezione 'Riferimenti'.
:: Software interessato
iOS
iPadOS
watchOS
macOS Catalina, High Sierra, Mojave, Big Sur
tvOS
Safari
:: Impatto
Esecuzione remota di codice arbitrario
Denial of Service
Aumento dei privilegi
Rivelazione di informazioni riservate
:: Soluzione
Aggiornare i software alle seguenti versioni:
iOS 12.4.9
iOS 14.2
iPadOS 14.2
watchOS 5.3.9
watchOS 6.2.9
watchOS 7.1
macOS High Sierra 10.13.6, Mojave 10.14.6
macOS Big Sur 11.0.1
tvOS 14.2
Safari 14.01
:: Riferimenti
Apple security updates
https://support.apple.com/en-us/HT201222
https://support.apple.com/en-us/HT211928
https://support.apple.com/en-us/HT211929
https://support.apple.com/en-us/HT211930
https://support.apple.com/en-us/HT211940
https://support.apple.com/en-us/HT211944
https://support.apple.com/en-us/HT211945
https://support.apple.com/en-us/HT211947
https://support.apple.com/en-us/HT211931
US-CERT
https://us-cert.cisa.gov/ncas/current-activity/2020/11/13/apple-releases-security-updates-multiple-products
Mitre CVE (in aggiunta ai precedenti bollettini gia' emessi)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27903
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27910
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9943
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9944
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27906
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9949
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9883
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9999
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9965
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9966
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27894
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9876
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27904
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14899
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10014
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9941
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9988
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9989
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9996
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27900
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-20838
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14155
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10007
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27896
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9963
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10012
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27896
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10663
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9945
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9977
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9969
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9991
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9849
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15358
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13631
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13434
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13435
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9991
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13630
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27898
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10006
GARR CERT Security Alert - subscribe/unsubscribe:
http://www.cert.garr.it/alert/ricevi-gli-alert-di-cert
-----BEGIN PGP SIGNATURE-----
iF0EARECAB0WIQTGpdiR5MqstacBGHbBnEyTZRJgQgUCX7KhTQAKCRDBnEyTZRJg
QtxsAKDLcuR8IcV8l3N90dG8FaDrZRFYPQCfbV+DYrfbmWtBkUlDvm0+w/GRhSc=
=9MJB
-----END PGP SIGNATURE-----
Hash: SHA1
******************************************************************
Alert ID: GCSA-20105
Data: 16 Novembre 2020
Titolo: Apple Security Updates (APPLE-SA-2020-11-16)
******************************************************************
:: Descrizione
Apple ha rilasciato degli aggiornamenti di sicurezza che risolvono delle
vulnerabilita' presenti nei sistemi operativi e nelle applicazioni.
Alcune delle vulnerabilita' sono attualmente in corso di sfruttamento.
Questo bollettino comprende:
- - un aggiornamento del bollettino gia' emesso APPLE-SA-2020-09-16
per quanto riguarda tvOS, iPadOS, iOS
- - un aggiornamento del bollettino gia' emesso APPLE-SA-2020-11-05
per quanto riguarda macOS Big Sur
- - Un nuovo bollettino per quanto riguarda macOS High Sierra e Mojave
Per una descrizione degli aggiornamenti consultare le segnalazioni
ufficiali alla sezione 'Riferimenti'.
:: Software interessato
iOS
iPadOS
watchOS
macOS Catalina, High Sierra, Mojave, Big Sur
tvOS
Safari
:: Impatto
Esecuzione remota di codice arbitrario
Denial of Service
Aumento dei privilegi
Rivelazione di informazioni riservate
:: Soluzione
Aggiornare i software alle seguenti versioni:
iOS 12.4.9
iOS 14.2
iPadOS 14.2
watchOS 5.3.9
watchOS 6.2.9
watchOS 7.1
macOS High Sierra 10.13.6, Mojave 10.14.6
macOS Big Sur 11.0.1
tvOS 14.2
Safari 14.01
:: Riferimenti
Apple security updates
https://support.apple.com/en-us/HT201222
https://support.apple.com/en-us/HT211928
https://support.apple.com/en-us/HT211929
https://support.apple.com/en-us/HT211930
https://support.apple.com/en-us/HT211940
https://support.apple.com/en-us/HT211944
https://support.apple.com/en-us/HT211945
https://support.apple.com/en-us/HT211947
https://support.apple.com/en-us/HT211931
US-CERT
https://us-cert.cisa.gov/ncas/current-activity/2020/11/13/apple-releases-security-updates-multiple-products
Mitre CVE (in aggiunta ai precedenti bollettini gia' emessi)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27903
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27910
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9943
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9944
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27906
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9949
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9883
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9999
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9965
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9966
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27894
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9876
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27904
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14899
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10014
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9941
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9988
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9989
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9996
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27900
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-20838
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14155
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10007
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27896
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9963
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10012
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27896
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10663
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9945
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9977
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9969
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9991
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9849
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15358
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13631
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13434
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13435
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9991
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13630
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27898
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10006
GARR CERT Security Alert - subscribe/unsubscribe:
http://www.cert.garr.it/alert/ricevi-gli-alert-di-cert
-----BEGIN PGP SIGNATURE-----
iF0EARECAB0WIQTGpdiR5MqstacBGHbBnEyTZRJgQgUCX7KhTQAKCRDBnEyTZRJg
QtxsAKDLcuR8IcV8l3N90dG8FaDrZRFYPQCfbV+DYrfbmWtBkUlDvm0+w/GRhSc=
=9MJB
-----END PGP SIGNATURE-----